ABSTRACT

A system for rapidly switching at least one virtual local area network (VLAN) from a first loop-free topology to a second loop-free topology in response to a failure within the first loop-free topology. Each VLAN has one "logical" VLAN which represents the network entities organized into the VLAN and a set of "physical" VLANs each having its own VLAN designation. For each physical VLAN, a different loop-free topology is defined, although only one physical VLAN is "active" at any given time. Messages associated with the logical VLAN are tagged with the designation of the currently active physical VLAN, and forwarded along its loop-free topology. Upon detecting a failure in the loop-free topology, the logical VLAN is rapidly switched to the loop-free topology defined by a second, back-up physical VLAN. Following the switch, messages associated with the logical VLAN are tagged with the designation of this back-up VLAN and are forwarded along its loop-free topology.

18 Claims, 7 Drawing Sheets 
FIG. 4A (flow diagram; boxes in order, continues in FIG. 4B)

- DEFINE PLURALITY OF "LOGICAL" VIRTUAL LOCAL AREA NETWORKS (VLANs) WITHIN NETWORK AND ASSIGN VLAN MEMBERSHIPS TO NETWORK ENTITIES
- FOR EACH LOGICAL VLAN, DEFINE A CORRESPONDING SET OF ASSOCIATED PHYSICAL VLANs
- ESTABLISH A LOOP-FREE TOPOLOGY FOR EACH PHYSICAL VLAN
- FOR EACH LOGICAL VLAN, DESIGNATE A SELECTED PHYSICAL VLAN AS THE ACTIVE PHYSICAL VLAN
- FOR EACH LOGICAL VLAN, ASSOCIATE ALL ACCESS PORTS COUPLED TO MEMBERS OF THE LOGICAL VLAN WITH THE VLAN DESIGNATION OF THE DESIGNATED PHYSICAL VLAN
- IN RESPONSE TO THE DETECTION OF A FAILURE, ALERT TOPOLOGY SWITCH ENGINE OF AFFECTED LINK/PORT
- IDENTIFY ALL LOGICAL VLANs UTILIZING THE AFFECTED LINK/PORT AND THEIR ACTIVE PHYSICAL VLANs

Reference numerals legible in the figure: 402, 408, 410.
FIG. 4B (flow diagram; boxes in order, continued from FIG. 4A)

- TRANSITION ACTIVE PHYSICAL VLAN(S) FOR AFFECTED LINK/PORT TO UNUSABLE STATE
- FOR EACH LOGICAL VLAN WHOSE ACTIVE PHYSICAL VLAN WAS TRANSITIONED TO THE UNUSABLE STATE DUE TO THE LINK/DEVICE FAILURE, IDENTIFY A BACK-UP PHYSICAL VLAN
- TRANSITION IDENTIFIED BACK-UP PHYSICAL VLAN FROM STAND-BY TO ACTIVE STATE
- FOR EACH LOGICAL VLAN WHOSE ACTIVE PHYSICAL VLAN WAS TRANSITIONED TO THE UNUSABLE STATE DUE TO THE LINK/DEVICE FAILURE, SWITCH THE VLAN ASSOCIATION OF ALL CORRESPONDING ACCESS PORTS FROM THE NOW UNUSABLE PHYSICAL VLAN TO THE NEWLY ACTIVATED PHYSICAL VLAN
- GENERATE AND TRANSMIT ONE OR MORE NOTIFICATION MESSAGES
- TAG SUBSEQUENT MESSAGES CORRESPONDING TO LOGICAL VLAN WITH IDENTIFIED BACK-UP PHYSICAL VLAN

Reference numerals legible in the figure: 416, 418, 420, 422, 424, 426.
FIG. 5A (state diagram; no text recoverable)

FIG. 5B

EVENT   DESCRIPTION
E1      CONVERGENCE/STABLE TOPOLOGY
E2      SELECTION AS DESIGNATED PHYSICAL VLAN
E3      LINK/DEVICE FAILURE DETECTED
E4      NETWORK PARTITION

FIG. 5C

LOGICAL VLAN    PHYSICAL VLAN     STATE
1 (RED)         10 (VIOLET)       UNUSABLE
                11 (PURPLE)       ACTIVE — UNUSABLE
                12 (MAGENTA)      STAND-BY
                13 (ORANGE)       STAND-BY — ACTIVE
2 (BLUE)        14 (BROWN)        ACTIVE
                15 (ROSE)         STAND-BY
                16 (GRAY)         STAND-BY
3 (YELLOW)      17 (CYAN)         STAND-BY
                18 (CRIMSON)      UNUSABLE
                19 (SILVER)       STAND-BY
                20 (SEA GREEN)    ACTIVE
4 (GREEN)       21 (TURQUOISE)    STAND-BY
                22 (WHITE)        ACTIVE
                23 (OLIVE)        STAND-BY
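The procedure of FIGS. 4A-4B applied to a state table like FIG. 5C, as an added example that is not code from the patent. The three-switch triangle, the link names, every class and function name, the notification dictionary, and the rule "pick the first stand-by topology that does not forward over the failed link" are assumptions; only the VLAN IDs 11-15, the three state names and the 802.1Q ID range come from the page.

```python
import struct
from dataclasses import dataclass, field
from enum import Enum

TPID_8021Q = 0x8100          # EtherType value that marks an IEEE 802.1Q tag


class State(Enum):
    STAND_BY = "STAND-BY"
    ACTIVE = "ACTIVE"
    UNUSABLE = "UNUSABLE"


@dataclass
class PhysicalVlan:
    vid: int                 # VLAN designation written into the 802.1Q tag
    links: frozenset         # links forwarding in this VLAN's loop-free topology
    state: State = State.STAND_BY


@dataclass
class LogicalVlan:
    name: str
    physical: list           # PhysicalVlan candidates (list order = preference, an assumption)
    access_ports: dict = field(default_factory=dict)   # access port -> VID bound to it

    def active(self):
        return next((p for p in self.physical if p.state is State.ACTIVE), None)

    def designate(self, pv):
        """Make pv the active physical VLAN and bind every access port to it."""
        pv.state = State.ACTIVE
        for port in self.access_ports:
            self.access_ports[port] = pv.vid


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the 6-byte MAC DA and 6-byte MAC SA."""
    if not 1 <= vid <= 4094:             # identifiers 0 and 4095 are reserved
        raise ValueError(f"VLAN ID {vid} is not assignable")
    tci = (pcp << 13) | vid              # priority in the top 3 bits, VID in the low 12
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def tagged_vid(frame: bytes) -> int:
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    return tci & 0x0FFF


def ingress(lv: LogicalVlan, port: int, frame: bytes) -> bytes:
    """Tag a frame received on an access port with the port's current VID."""
    vid = lv.access_ports[port]
    if vid is None:
        raise RuntimeError(f"{lv.name}: no usable physical VLAN, frame dropped")
    return tag_frame(frame, vid)


def link_failed(logical_vlans, link):
    """FIG. 4B steps. Returns one (hypothetical) notification dict per affected logical VLAN."""
    notes = []
    for lv in logical_vlans:
        old = lv.active()
        if old is None or link not in old.links:
            continue                     # this logical VLAN does not use the failed link
        old.state = State.UNUSABLE
        # Back-up: a stand-by topology in which the failed link is not forwarding
        new = next((p for p in lv.physical
                    if p.state is State.STAND_BY and link not in p.links), None)
        if new is None:                  # no back-up left: unbind ports, keep no dead VID
            for port in lv.access_ports:
                lv.access_ports[port] = None
        else:
            lv.designate(new)
        notes.append({"logical": lv.name, "failed": old.vid,
                      "active": new.vid if new else None})
    return notes


def demo():
    # Constructed sample: switches A, B, C in a triangle; each topology uses two links.
    red = LogicalVlan("RED", [PhysicalVlan(11, frozenset({"A-B", "B-C"})),
                              PhysicalVlan(12, frozenset({"A-B", "A-C"})),
                              PhysicalVlan(13, frozenset({"A-C", "B-C"}))],
                      {4: None, 5: None})
    blue = LogicalVlan("BLUE", [PhysicalVlan(14, frozenset({"A-C", "B-C"})),
                                PhysicalVlan(15, frozenset({"A-B", "A-C"}))],
                       {6: None})
    red.designate(red.physical[0])
    blue.designate(blue.physical[0])
    frame = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
    before = tagged_vid(ingress(red, 4, frame))
    notes = link_failed([red, blue], "A-B")
    after = tagged_vid(ingress(red, 4, frame))
    return before, notes, after, [p.state for p in red.physical], blue.active().vid


if __name__ == "__main__":
    print(demo())
```

Physical VLAN 12 is skipped even though it is in stand-by, because its topology also forwards over the failed link; BLUE is untouched because its active topology never used that link.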
FAST CONVERGENCE WITH TOPOLOGY SWITCHING

CROSS-REFERENCE TO RELATED 
APPLICATIONS 

This application is related to the following co-pending U.S. Patent Applications: U.S. patent application Ser. No. 08/998,412 entitled, METHOD AND APPARATUS FOR RAPIDLY RECONFIGURING COMPUTER NETWORKS filed Dec. 24, 1997, now U.S. Pat. No. 6,032,194; and U.S. patent application Ser. No. 09/208,175 entitled, VALUE-ADDED FEATURES FOR THE SPANNING TREE PROTOCOL, filed Dec. 9, 1998.

FIELD OF THE INVENTION 

The present invention relates generally to computer 
networks, and more specifically, to a method and apparatus 
for quickly identifying and selecting loop-free topologies in 
computer networks. 

BACKGROUND OF THE INVENTION 

A computer network typically comprises a plurality of interconnected entities. An entity may consist of any device, such as a computer or end station, that "sources" (i.e., transmits) or "sinks" (i.e., receives) messages such as data frames. A common type of computer network is a local area network ("LAN") which typically refers to a privately owned network within a single building or campus. LANs typically employ a data communication protocol (LAN standard), such as Ethernet, FDDI or token ring, that defines the functions performed by the data link and physical layers of a communications architecture (i.e., a protocol stack). In many instances, several LANs may be interconnected by point-to-point links, microwave transceivers, satellite hook-ups, etc. to form a wide area network ("WAN") or intranet that may span an entire country or continent.

One or more intermediate network devices are often used to couple LANs together and allow the corresponding entities to exchange information. For example, a bridge may be used to provide a "bridging" function between two or more LANs. Alternatively, a switch may be utilized to provide a "switching" function for transferring information among a plurality of LANs or end stations. Typically, the bridge or switch is a computer and includes a plurality of ports that couple the device to the LANs or end stations. Ports used to couple switches to each other are generally referred to as trunk ports, whereas ports used to couple a switch to LANs, end stations, servers, etc. are generally referred to as access ports. The switching function includes receiving data from a sending entity at a source port and transferring that data to at least one destination port for forwarding to the receiving entity. Switches and bridges typically store address information for use in reaching particular network entities in a block of memory called a filtering database.

Additionally, most computer networks are either partially or fully meshed. That is, they include redundant communications paths so that a failure of any given link or device does not isolate any portion of the network. The existence of redundant links, however, may cause the formation of circuitous paths or "loops" within the network. Loops are highly undesirable because data frames may traverse the loops indefinitely. Furthermore, because switches and bridges replicate (i.e., flood) frames whose destination port is unknown or which are directed to broadcast or multicast addresses, the existence of loops may cause a proliferation of data frames that effectively overwhelms the network.



Spanning Tree Algorithm 

To avoid the formation of loops, most bridges and switches execute a spanning tree algorithm which allows them to calculate an active network topology that is loop-free (i.e., a tree) and yet connects every pair of LANs within the network (i.e., the tree is spanning). The Institute of Electrical and Electronics Engineers (IEEE) has promulgated a standard (the 802.1D standard) that defines a spanning tree protocol to be executed by 802.1D compatible devices. In general, by executing the IEEE spanning tree protocol, bridges elect a single bridge to be the "root" bridge. Since each bridge has a unique numerical identifier (bridge ID), the root is typically the bridge with the lowest bridge ID. In addition, for each LAN coupled to more than one bridge, only one (the "designated bridge") is elected to forward frames to and from the respective LAN. The designated bridge is typically the one closest to the root. Each bridge also selects one port (its "root port") which gives the lowest cost path from that bridge to the root. The root ports and designated bridge ports are selected for inclusion in the active topology and are placed in a forwarding state so that data frames may be forwarded to and from these ports and thus onto the corresponding paths or links of the network. Ports not included within the active topology are placed in a blocking state. When a port is in the blocking state, data frames will not be forwarded to or received from the port. A network administrator may also exclude a port from the spanning tree by placing it in a disabled state. The forwarding and blocking states are stable spanning tree port states in that a port may remain in these states indefinitely (i.e., there is no prescribed limit on the time that can be spent in either of these states).



[...] bridges exchange special messages called configuration [...] BPDU [...] port identifier, among other information. The root identifier is the numeric identifier for the bridge assumed to be the root and the bridge identifier is the numeric identifier of the bridge sending the BPDU. The root path cost is a value representing the cost to reach the assumed root from the port on which the BPDU is sent and the port identifier is the numeric identifier of the port on which the BPDU is sent.

Upon start-up, each bridge initially assumes itself to be the root and generates and transmits BPDU messages accordingly. Upon receipt of a BPDU message from a neighboring device, the message's contents are examined and compared with similar information (e.g., assumed root and lowest root path cost) stored by the receiving bridge. If the information from the received BPDU is "better" than the stored information, the bridge adopts the better information and uses it in the BPDUs that it sends (adding the cost associated with the receiving port to the root path cost) from its ports, other than the port on which the "better" information was received. Although BPDU messages are not forwarded by bridges, the identifier of the root is eventually propagated to and adopted by all bridges as described above, allowing them to select their root port and any designated [...]
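The BPDU comparison described above, as an added example that is not code from the patent or from IEEE 802.1D: a round-by-round simulation in which each bridge starts as its own root, adopts "better" information, and ends with root, designated and blocking ports. It also shows a bridge discarding one port's stored BPDU and falling back to its next-best information. Bridge IDs, port numbers, the path cost of 19 and all names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Bpdu:
    # Field order is comparison order; the lower tuple is the "better" BPDU.
    root_id: int
    root_path_cost: int
    bridge_id: int
    port_id: int


class Bridge:
    def __init__(self, bridge_id, port_costs):
        self.id = bridge_id
        self.port_costs = port_costs      # local port number -> path cost
        self.heard = {}                   # local port -> best BPDU received on it
        self.root_id, self.cost, self.root_port = bridge_id, 0, None

    def bpdu_for(self, port):
        """BPDU this bridge would send from the given port."""
        return Bpdu(self.root_id, self.cost, self.id, port)

    def receive(self, port, bpdu):
        if port not in self.heard or bpdu < self.heard[port]:
            self.heard[port] = bpdu

    def recompute(self):
        """Adopt the best stored information, or fall back to being the root."""
        best, best_port = Bpdu(self.id, 0, self.id, 0), None
        for port, b in sorted(self.heard.items()):
            # Add the receiving port's cost to the advertised root path cost
            cand = Bpdu(b.root_id, b.root_path_cost + self.port_costs[port],
                        b.bridge_id, b.port_id)
            if cand < best:
                best, best_port = cand, port
        self.root_id, self.cost, self.root_port = best.root_id, best.root_path_cost, best_port

    def age_out(self, port):
        """Stored BPDU went stale: discard it and use the next-best information."""
        self.heard.pop(port, None)
        self.recompute()

    def role(self, port):
        if port == self.root_port:
            return "root"
        heard = self.heard.get(port)
        if heard is None or self.bpdu_for(port) < heard:
            return "designated"           # our BPDU wins on this segment
        return "blocking"


def converge(bridges, links, max_rounds=10):
    """links: (bridge_a, port_a, bridge_b, port_b). Returns rounds until stable."""
    for rounds in range(1, max_rounds + 1):
        before = [(b.root_id, b.cost, b.root_port) for b in bridges.values()]
        sent = [(b, pb, bridges[a].bpdu_for(pa)) for a, pa, b, pb in links]
        sent += [(a, pa, bridges[b].bpdu_for(pb)) for a, pa, b, pb in links]
        for dst, port, bpdu in sent:
            bridges[dst].receive(port, bpdu)
        for b in bridges.values():
            b.recompute()
        if before == [(b.root_id, b.cost, b.root_port) for b in bridges.values()]:
            return rounds
    raise RuntimeError("no convergence")


def triangle():
    # Constructed sample: bridges 1, 2, 3 in a triangle, every port cost 19.
    bridges = {i: Bridge(i, {1: 19, 2: 19}) for i in (1, 2, 3)}
    links = [(1, 1, 2, 1), (1, 2, 3, 1), (2, 2, 3, 2)]
    converge(bridges, links)
    return bridges


if __name__ == "__main__":
    for bridge in triangle().values():
        print(bridge.id, bridge.root_id, bridge.cost,
              {p: bridge.role(p) for p in bridge.port_costs})
```

The redundant link between bridges 2 and 3 is the one that ends up blocked, on the side of the bridge with the higher ID.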

In order to adapt the active topology to failures, bridges associate a timer with the BPDU information stored for each port. If the age of any stored BPDU information reaches a so-called maximum age, the corresponding BPDU information is considered to be stale and is discarded by the bridge. Normally, each bridge replaces its stored BPDU information every hello time, which is the frequency at which the root sends new BPDU messages, thereby preventing it from being discarded and maintaining the current active topology. If a bridge stops receiving BPDU messages on a given port (indicating a possible link or device failure), it will continue to increment the respective message age value until it reaches the maximum age threshold. The bridge will then discard the stored BPDU information and proceed to re-calculate the root, root path cost and root port by transmitting BPDU messages utilizing the next best information it has. The maximum age value used within the bridged network is typically set by the root, which enters a selected value in its BPDU messages. Neighboring bridges copy this value into their BPDU messages, thereby propagating the selected value throughout the network. The default maximum age value under the IEEE standard is twenty seconds.

As BPDU information is [...] the active topology is re-calculated, ports may transition from the blocking state to the forwarding state and vice versa. That is, as a result of new BPDU information, a previously blocked port may learn that it should be in the forwarding state (e.g., it is now the root port or a designated port). Rather than transition directly from the blocking state to the forwarding state, ports transition through two or more intermediary or transitory states, such as a listening state and a learning state. The time spent in each of the listening and the learning states is called the forwarding delay. As ports transition between the blocked and forwarding states, entities may appear to move from one port to another. To prevent bridges from distributing messages based upon incorrect information, bridges quickly age-out and discard the "old" information in their filtering databases. More specifically, upon detection of a change in the active topology, bridges transmit Topology Change Notification Protocol Data Unit (TCN-PDU) messages toward the root. The format of the TCN-PDU message is described in the IEEE 802.1D standard and is well-known. The TCN-PDU message is propagated hop-by-hop until it reaches the root which confirms receipt of the TCN-PDU by setting a topology change flag in all BPDUs subsequently transmitted by the root for a period of time. Other bridges, receiving these BPDUs, note that the topology change flag has been set, thereby alerting them to the change in the active topology. In response, bridges significantly reduce the aging time associated with their filtering databases. Information contained in the filtering databases is thus quickly discarded.

Although the spanning tree protocol is able to maintain a loop-free topology despite network changes and failures, re-calculation of the active topology can be a time consuming and processor intensive task. For example, re-calculation of the spanning tree following the failure of a link or an intermediate device can take thirty seconds or more. First, the corresponding BPDU information must time-out, which typically takes twenty seconds. The affected ports may then transition through the listening and learning states, remaining in each state for approximately fifteen seconds. Thus, it takes approximately fifty seconds or more to recover from a failure. During this time, message delivery is often delayed because ports in the listening and learning states do not forward or receive messages. Such delays can have serious consequences for time sensitive applications, such as voice or video applications, which demand consistently low latency. In particular, these applications may stop or shut-down in response to such disruptions.

Virtual Local Area Networks

A computer network may also be segregated into a series of logical network segments. U.S. Pat. No. 5,394,402, issued Feb. 28, 1995 (the "'402 Patent"), for example, discloses an arrangement for associating any port of a switch with any particular segregated network group. Specifically, according to the '402 Patent, any number of physical ports of a particular switch may be associated with any number of groups within the switch by using a virtual local area network (VLAN) arrangement that virtually associates the port with a particular VLAN designation. These VLAN designations are also associated with the messages that are received on these ports. In particular, every time a message is received on a given access port, the VLAN designation for that port, as stored in a memory portion of the bridge, is associated with the message. For convenience, each VLAN designation is often associated with a different color, such as red, blue, green, etc.

In many cases, it may be desirable to interconnect a plurality of these switches in order to extend the VLAN associations of ports in the network. By extending VLAN associations across multiple devices, those entities having the same VLAN designation function as if they are all part of the same LAN segment. Message exchanges between parts of the network having different VLAN designations are specifically prevented in order to preserve the boundaries of each VLAN segment or domain. In addition to the '402 Patent, the IEEE has also promulgated the 802.1Q standard for Virtual Bridged Local Area Networks. The IEEE's 802.1Q standard supports VLANs and defines a specific VLAN-tagged message format for transmission on trunks.

FIG. 1 is a partial block diagram of a tagged data frame 100 that is compatible with the 802.1Q standard. Frame 100 includes a header portion 102, which may be compatible with the Media Access Control (MAC) sub-layer, and data portion 104. The header 102, moreover, includes a plurality of fields. In particular, header 102 includes a MAC destination address (MAC DA) field 106 that identifies the network entity to which the frame 100 is to be delivered and a MAC source address (MAC SA) field 108 that identifies the network entity that created the frame 100. Following the MAC SA field 108 is a VLAN identifier (VLAN ID) or tag field 110 that specifies the VLAN that has been associated with the frame 100. In particular, VLAN ID field 110 is loaded with a numeric identifier that corresponds to the VLAN designation associated with the port on which message 100 was received. This tag, moreover, is examined and understood by 802.1Q compatible devices, and the last device along the route removes the tag before transmitting the frame to the target end station.

Several alternatives exist for overlaying spanning trees or active topologies on these virtually segregated network groups or domains. The IEEE 802.1Q standard, for example, specifies a single spanning tree within the respective bridged network regardless of the number of VLAN designations that have been defined. With this approach, the bridges exchange conventional BPDUs so as to define a single loop-free topology for the network. Thus, all data frames, regardless of their VLAN associations, may be forwarded to and received from ports in the forwarding state, while no data frames may be forwarded to or received from blocked ports.

An alternative to the 802.1Q standardized approach is to define a separate spanning tree for each VLAN defined within the bridged network. This per VLAN spanning tree architecture is described at IEEE 802.1s, which is the Multiple Spanning Trees Draft Supplement to the IEEE 802.1Q Virtual Bridged Local Area Network Standard. With this approach, bridges and switches exchange BPDUs, each of which is tagged with a VLAN designation just like data
frames. These tagged BPDUs are then processed by the switches so as to define a separate active network topology or spanning tree for each VLAN designation. Thus, for a given trunk port, messages associated with one VLAN designation may be forwarded and received whereas messages associated with a second VLAN designation may be blocked. That is, the port is forwarding for the first VLAN but blocking for the second. Regardless of the spanning tree approach that is adopted, however, re-calculation of the spanning tree following a link or device failure can take a significant amount of time in networks supporting VLANs, and these delays can have deleterious consequences for time sensitive applications.

SUMMARY OF THE INVENTION

Briefly, the invention relates to a system and method for rapidly switching at least one virtual local area network (VLAN) from a first loop-free topology to a second loop-free topology in response to detecting a failure within the first loop-free topology. Each VLAN defined for a computer network is configured to include one "logical" VLAN which logically represents the entities organized into the defined VLAN, and a plurality of "physical" VLANs each associated with its own VLAN designation. For each physical VLAN, moreover, a different loop-free topology is defined within the network. However, at any given time, only one of the physical VLANs, and thus only one loop-free topology, will be "active" for its corresponding logical VLAN. Messages associated with the logical VLAN are tagged with the designation of the currently active physical VLAN, and forwarded along that physical VLAN's loop-free topology. According to the invention, upon the detection of a link or other failure in the loop-free topology defined by the currently active physical VLAN, the logical VLAN is rapidly switched to the loop-free topology defined by a second physical VLAN to which the logical VLAN is also associated. More specifically, access ports corresponding to the logical VLAN are re-assigned to the second physical VLAN. Following the switch to the second physical VLAN, subsequent messages associated with the logical VLAN are tagged with the designation of the second physical VLAN, and forwarded along its respective loop-free topology. The physical VLAN which is selected as the new active topology preferably has the affected link blocked so as to be fully spanning. Accordingly, messages associated with the logical VLAN can continue to be forwarded without having to wait for the spanning tree algorithm to be re-calculated. Thus, the network of the present invention suffers little or no delay from failures and, through appropriate selection of the new physical VLAN, loss of connectivity is avoided.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention description below refers to the accompanying drawings, of which:

FIG. 1, previously discussed, is a block diagram of a conventional VLAN-tagged message;

FIG. 2 is a block diagram of a computer network in accordance with the present invention;

FIG. 3 is a highly schematic functional block diagram of an intermediate network device in accordance with the present invention;

FIGS. 4A-4B is a flow diagram of the methods of the present invention;

FIG. 5A is a state diagram in accordance with the present invention;

FIG. 5B is a chart illustrating the events that trigger a transition among the states of FIG. 5A;

FIG. 5C is a highly schematic representation of state information stored by the device of FIG. 3; and

FIG. 6 is a highly schematic block diagram of a notification message in accordance with the present invention.

DETAILED DESCRIPTION OF AN ILLUSTRATIVE EMBODIMENT

FIG. 2 illustrates a computer network 200 in accordance with the present invention. The network 200 includes a plurality of local area networks (LANs) 202-226 each of which is coupled to one or more access switches 230-234. The access switches 230-234 are, in turn, interconnected with each other through a plurality of distribution or backbone switches 236-246. Specifically, the access switches 230-234 and backbone switches 236-246, which may also be referred to as intermediate network devices, may be interconnected by a series of trunks or links 248, such as point-to-point links. Links 248 basically represent communications paths for transporting messages, such as data frames, between various network components. Network 200 further includes two routers 250 and 252 which provide added functionality to the network 200. Routers 250 and 252 are preferably coupled to backbone switches, such as backbone switches 244 and 246.

Each access switch 230-234 and backbone switch includes a plurality of ports, each of which, if coupled to a LAN 202-226 (or a host, end station, server, workstation, etc.) are referred to as access ports, and if coupled to a trunk or link 248 are referred to as trunk ports. Each port at a given switch, moreover, may be identified by a corresponding port number (e.g., port 1, port 2, port 3, etc.). Access switch 230, for example, has three trunk ports 254 (port numbers 1-3) and five access ports (port numbers 4-8). Attached to each LAN 202-226 may be a plurality of network entities, such as hosts, end stations, servers (e.g., file servers, print servers, etc.), workstations, etc. For example, attached to LAN 202 is a first server [...] and attached to LAN [...] is a [...] server 260. These network entities, moreover, may source or sink messages or data frames to one another over the network 200. Switches 230-2[...] comprise conventional components and circuitry that allow them to associate specific ports with the hosts, end stations, servers, workstation, routers, etc. that are coupled thereto or otherwise accessible therethrough.

Selected LANs 202-226, and thus the hosts, end stations, servers and workstations attached thereto, may be logically grouped together to form one or more virtual local area networks (VLANs). More specifically, a network administrator may define a plurality of VLANs within network 200. Each VLAN is preferably associated with a corresponding numeric identifier or designation and, for convenience, may be further identified by a color code (e.g., red, blue, green, yellow, etc.). The IEEE 802.1Q standard, for example, allocates the numeric identifiers 0-4095 as possible VLAN designations. In accordance with the IEEE standard, numeric identifiers 0 and 4095 are reserved, thereby leaving 4094 available VLAN designations for assignment by the network administrator. To [...] a given LAN, host, end station, server, etc. [...] a defined VLAN, the bridge or switch directly coupled to [...] LAN, host, end station, server etc. preferably associates its corresponding access port with the respective VLAN designation. For example, LANs 202, 212 and 222 may all be associated with the red VLAN by associating the respective access ports of the respective
switches 230-234 with that color code. LANs 204, 210, 214 and 224 may be similarly associated with the blue VLAN. LANs 206 and 218 may be associated with the yellow VLAN, and LANs 208, 216 and 226 associated with the green VLAN.

Access switches 230-234 and backbone switches 236-246 are further configured to tag, distribute and ultimately deliver VLAN associated messages, provided that the VLAN tag of the message matches the VLAN designation associated with the destination or target entity. In particular, switches 230-246 associate their respective trunk ports that are coupled to links 248 with the VLAN designations or domains associated with the various LANs, hosts, end stations, servers, etc. that may be reached through the respective trunk port. Those skilled in the art will understand that there are several techniques for propagating VLAN membership information across the network 200 and thereby associate trunk ports with VLAN designations. The IEEE, for example, as part of the 802.1Q standard, has defined the Generic Attribute Registration Protocol VLAN Registration Protocol (GVRP) through which intermediate devices, end stations, hosts, servers, workstations, etc. can issue and revoke declarations regarding their membership in specific VLANs. Propagation of VLAN membership information may alternatively take place through a dedicated protocol, such as the VLAN Trunk Protocol (VTP), which is described in the IEEE 802.1s Multiple Spanning Trees Draft Supplement, and is hereby incorporated by reference in its entirety. Additionally, trunk ports 254 coupled to links 248 may be configured to operate in accordance with any number of VLAN encapsulation protocols, such as the IEEE 802.1Q standard or the Inter-Switch Link (ISL) mechanism from Cisco Systems, Inc., as described in U.S. Pat. No. 5,742,604, which are both hereby incorporated by reference in their entirety.

As shown, network 200 also includes a plurality of redundant communication paths interconnecting the access switches 230-234 and backbone switches 236-246. The existence of such redundant links prevents portions of the network 200 from becoming isolated should any constituent link or device fail. Such redundancy, however, also results in the creation of loops, which, as described above, are highly undesirable. To avoid the creation of loops, switches 230-246 preferably execute a spanning tree algorithm. In particular, switches 230-246 execute the spanning tree protocol basically as described in the IEEE 802.1D Standard which is also hereby incorporated by reference in its entirety. To avoid the delays inherent in re-calculation of the spanning tree protocol, however, one or more access switches 230-234 also provides for rapid topology switching as described below.

It should be understood that the network 200 of FIG. 2 is meant for illustrative purposes only and that the present invention will operate with other network designs having possibly far more complex topologies. It will also be understood to those skilled in the art that there is no distinction from the spanning tree point of view between local and trunk ports or between point-to-point trunks or links and shared media (e.g., LANs).

FIG. 3 is a partial functional block diagram of switch 230 that is configured in accordance with the present invention. As described above, switch 230 includes a plurality of ports 302a-h, each of which is preferably identified by a number (e.g., port numbers 1-8). Ports 302a-h, moreover, are preferably configured in a conventional manner either as access ports or as trunk ports. As mentioned above, an access port is a port 302 that does not provide connectivity to other portions of the bridged network, but is instead directly connected to a LAN, host, end station, server, workstation, etc. Nonetheless, it should be understood that two switches may be interconnected by a shared media, such as LAN 220 which interconnects switches 232 and 234. A trunk port, on the other hand, typically corresponds to a point-to-point link and provides connectivity from the switch 230 to other areas of the bridged network 200. At switch 230, ports 302a-c (port numbers 1-3) are each configured as trunk ports, while ports 302d-h (port numbers 4-8), which are coupled to LANs 210, 208, 206, 204 and 202, respectively, are each configured as access ports. Trunk ports 302a-c are further configured to operate in accordance with either the 802.1Q or ISL encapsulation techniques. The configuration of the various ports 302 as access or trunk ports may be performed by the network administrator, either remotely or locally, utilizing a conventional management protocol, such as Simple Network Management Protocol (SNMP) or CiscoWorks from Cisco Systems, Inc.

Switch 230 also includes one or more frame transmission and reception objects 304 that are in communicating relationship with the ports 302a-h such that frames received at a given port may be captured and frames to be transmitted may be driven onto a given port. Frame reception and transmission object 304 preferably includes one or more message storage structures, such as priority queues. Switch 230 further includes a spanning tree entity 306, a topology switch engine 308, a link state detection engine 310, at least one forwarding entity 312 and a port configuration entity 314. The designation of a port 302 as either an access or trunk port and the corresponding VLAN encapsulation technique are preferably stored at or by the port configuration entity 314. The spanning tree entity 306 is in communicating relationship with the frame transmission and reception object 304 so as to receive bridge protocol data unit (BPDU) messages, and also includes one or more spanning tree state machine engines 316a-c for maintaining the spanning tree states of the ports 302a-h. The topology switch engine 308, which is in communicating relationship with the spanning tree entity 306, the link state detection engine 310 and the port configuration entity 314, is coupled to or alternatively may include a topology state machine engine 318. As described below, the topology state machine engine 318 maintains the states of various loop-free topologies defined within network 200 (FIG. 2).

The forwarding entity 312 is also in communicating relation with the frame transmission and reception object 304 so as to receive and forward data frames and other messages, and is also coupled to one or more filtering databases 320a-c that store address information corresponding to the entities of network 200 (FIG. 2). Specifically, each filtering database 320, which may be implemented as a content addressable memory (CAM) device, has a plurality of records or cells (not shown), including a destination address cell, a destination port cell and a corresponding timer cell. Each record or cell in the filtering databases 320a-c preferably corresponds to a particular network entity. The forwarding entity 312 is configured to switch or bridge data frames received at a source port 302 to one or more destination ports 302 for forwarding depending on the matching information identified in the forwarding databases 320a-c as well as the states of the respective ports 310 as established by the plurality of spanning tree state machine engines 316a-c.

Topology switch engine 308 and topology state machine engine 318 may each comprise programmed or programmable processing elements containing software programs,
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such as software modules or libraries, pertaining to the 
methods described herein and executable by one or more 
processing elements (not shown). Other computer readable 
media may also be used to store the program instructions for 
execution. Engines 308 and 318 may also be implemented in s 
hardware through a plurality of registers and combinational 
logic configured to produce sequential logic circuits and 
cooperating state machines. Those skilled in the art will 
recognize that various combinations of hardware and soft : 
ware components may also be utilized to implement the 10 
topology switch components of the present invention. 

Suitable intermediate network device platforms for use as 
access switch 230 include the Catalyst 8500® series of 
switch routers and/or the Catalyst® 6000 family of multi-
layer switches both from Cisco Systems, Inc.

With reference to the flow charts of FIGS. 4A-B, opera-
tion of the present invention preferably proceeds as follows.
First, the network administrator defines a plurality of "logical"
VLANs within network 200 (FIG. 2) and assigns selected
network entities to these logical VLANs so as to create
logical groups, as shown at block 402 of FIG. 4A. As
described above, the network administrator may conceptu-
ally define the red, blue, yellow and green logical VLANs,
each of which may be used to logically interconnect a
different enterprise department, such as engineering,
accounting, sales, and management. To define the logical
VLANs and assign membership, the network manager may
use a conventional Command Line Interface (CLI) or
SNMP. Alternatively, the network manager may use the
VLAN Membership Policy Server (VMPS) Protocol and the
VLAN Director interface from Cisco Systems, Inc.

Each logical VLAN is then associated or augmented with
one or more "physical" VLANs. More specifically, for each
logical VLAN, the network administrator preferably defines
a set of physical VLANs for association with the given
logical VLAN, as indicated at block 404. In the preferred
embodiment, each physical VLAN is assigned a different
numerical identifier as provided in the 802.1Q standard,
which is hereby incorporated by reference in its entirety, and
thus basically represents its own independent VLAN. For
example, the network administrator may define the violet,
purple, magenta and orange physical VLANs and associate
each of them with the red logical VLAN. In accordance with
the 802.1Q standard, these physical VLANs may be
assigned the numerical identifiers 10, 11, 12 and 13, respec-
tively. For the blue logical VLAN, the network administrator
may define the brown, rose and gray physical VLANs,
which may be assigned the numerical identifiers 14-16,
respectively. For the yellow logical VLAN, the network
administrator may define the cyan, crimson, silver and sea
green physical VLANs, which, in turn, may be assigned
numerical identifiers 17-20. For the green logical VLAN,
the network administrator may define the turquoise, white
and olive physical VLANs, which may be assigned numeri-
cal identifiers 21-23.

The identity of the logical and physical VLANs and the
association of physical VLANs to logical VLANs, as estab-
lished by the network administrator, are preferably stored at
or by the topology state machine engine 318. In addition, the
topology switch engine 308 preferably informs the forward-
ing entity 312 of the identities of the physical VLANs as
they are defined, and the forwarding entity 312, in turn,
establishes a separate filtering database 320 for each physi-
cal VLAN.

Next, a loop-free topology is established for each physical
VLAN, as shown at block 406. Those skilled in the art will
understand that there are several mechanisms or techniques
available to establish separate loop-free topologies for each
physical VLAN. For example, the network administrator
may manually define the loop-free topology for each physi-
cal VLAN. The network administrator may interact with a
graphical user interface that displays a map of the network
and utilize CLI or SNMP to manually establish the loop-free
topologies of the physical VLANs. Conventional network
management facilities, such as HP OpenView® from
Hewlett-Packard Co. of Palo Alto, Calif., or NetView 6000
from International Business Machines Corp. of Armonk,
N.Y., are capable of displaying such network maps. The port
states (i.e., blocked or forwarding) associated with each
manually defined loop-free topology are then stored at or by
the respective spanning tree state machine engines of each
switch, such as engines 316 of switch 230. Alternatively, the
network administrator may rely on the execution of the spanning
tree protocol to define the loop-free topologies associated
with the physical VLANs. More specifically, switches
230-246 may be configured to generate, exchange and
process BPDU messages that are tagged with the designa-
tions of the physical VLANs, thereby defining a loop-free
topology for each physical VLAN. In particular, the network
administrator may configure the spanning tree entity at each
switch to establish a spanning tree state machine engine for
each physical VLAN.

Those skilled in the art will understand that other mecha- 
nisms may be used to define the loop-free topologies. For 
example, the intermediate network devices could run a link 
state advertisement protocol, such as the one utilized in the 
well-known Open Shortest Path First routing protocol, to 
capture the topology of the network. Once the topology is 
discovered, a network administrator could use graph algo- 
rithms to determine which ports to block for each physical 
VLAN. 

Regardless of the manner by which the loop-free topolo- 
gies are defined, the set of physical VLANs associated with 
each logical VLAN are preferably configured and estab- 
lished so that, for every link 248 of network 200, there is at 
least one physical VLAN within that set whose loop-free 
topology has that link 248 in the blocked state. For example, 
the loop-free topology established for a first physical VLAN 
may have the link between switches 238 and 244 blocked, 
whereas the loop-free topology established for a second 
physical VLAN may have the link 248 between switches 
240 and 246 blocked and so on until every link 248 of 
network 200 is blocked by at least one loop-free topology.
The number of physical VLANs that are required to meet 
this goal can be defined by the following equation: 



■r M i 



where, 

X is the number of physical VLANs that are required; 

M is the number of links or trunks within the network; 

N is the number of nodes (i.e., bridges and switches) 
within the VLAN bridged network; and 

the half parentheses symbol on the right side of the
equation means a "ceiling of" function is to be applied
to the real number inside the half parentheses, thereby
obtaining an integer for X, such that the integer X is the
smallest integer that satisfies the equation X ≥ the real
number inside the half parenthesis, e.g., if the real
number inside the half parentheses is 3.675, then X is
4, if the real number is 2.0001, then X is 3, etc.
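The coverage requirement stated above (every link blocked by at least one physical VLAN of the set) can be planned and verified mechanically. The following is an added example, not part of the patent: it builds one spanning tree per physical VLAN with Kruskal's algorithm and raises the cost of links that no tree has blocked yet, a stand-in for per-VLAN port-cost adjustment. The six-switch topology, node names and cost values are constructed.

```python
"""Plan physical VLANs so that every link is blocked in at least one topology.

Added illustration; NODES and LINKS below are constructed sample data.
"""


def spanning_tree(nodes, links, cost):
    """Return the forwarding links of a minimum-cost spanning tree (Kruskal)."""
    parent = {n: n for n in nodes}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]      # path halving
            n = parent[n]
        return n

    forwarding = set()
    for link in sorted(links, key=lambda l: (cost[l], l)):
        root_a, root_b = find(link[0]), find(link[1])
        if root_a != root_b:                   # joins two components: no loop
            parent[root_a] = root_b
            forwarding.add(link)
    if len(forwarding) != len(nodes) - 1:
        raise ValueError("network is not connected")
    return forwarding


def plan_physical_vlans(nodes, links, first_id=10):
    """Return {vlan_id: blocked_links} such that every link is blocked once."""
    links = [tuple(sorted(l)) for l in links]
    uncovered = set(links)                     # links no topology blocks yet
    plan = {}
    vlan_id = first_id
    while uncovered:
        # A costly link is one the tree avoids, i.e. one this VLAN blocks.
        cost = {l: 100 if l in uncovered else 1 for l in links}
        blocked = set(links) - spanning_tree(nodes, links, cost)
        if not blocked & uncovered:
            # Each remaining link lies in every spanning tree: it is the only
            # path to some switch, so no loop-free topology can block it.
            raise ValueError(f"no redundancy for links {sorted(uncovered)}")
        plan[vlan_id] = blocked
        uncovered -= blocked
        vlan_id += 1
    return plan


def unprotected_links(links, plan):
    """Links that no physical VLAN blocks; a failure there has no ready backup."""
    blocked_somewhere = set().union(*plan.values()) if plan else set()
    return sorted({tuple(sorted(l)) for l in links} - blocked_somewhere)


# Constructed topology: a six-switch ring with two chords (8 links, 6 nodes).
NODES = ["A", "B", "C", "D", "E", "F"]
LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"),
         ("E", "F"), ("F", "A"), ("A", "D"), ("B", "E")]

if __name__ == "__main__":
    for vid, blocked in plan_physical_vlans(NODES, LINKS).items():
        print(vid, sorted(blocked))
```

Running `unprotected_links` against an existing per-VLAN configuration shows which link failures would still have to wait for a spanning tree re-calculation.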
In order to force or constrain the spanning tree protocol to
define loop-free topologies having the desired properties
(i.e., the blocking of each network link by at least one
physical VLAN), the network administrator preferably
modifies the bridge identifiers and port costs of the various
switches 230-246 within network 200 for each physical
VLAN so that the resulting loop-free topologies will block
the desired links 248. A mechanism for adjusting the bridge
identifier and port costs on a VLAN-by-VLAN basis is
described in U.S. patent application Ser. No. 08/998,412
entitled, FAST RECONFIGURATION OF SPANNING
TREES, filed Dec. 24, 1997, which is hereby incorporated
by reference in its entirety. For each switch 230-246, the
network administrator can adjust the bridge identifier, which
is utilized to elect the root, and port costs and port identifiers,
which are used to determine the lowest cost path to the root.
In general, the network administrator may adjust the bridge
identifiers of switches 230-246 so as to force the election of
a selected root for a first physical VLAN, and then observe
which links are blocked and which are forwarding. The
blocked links will typically be those links that are distant
from the root. The root for a second physical VLAN is then
selected in proximity to the blocked links of the first physical
VLAN in a similar manner (e.g., by adjusting the bridge
identifiers of switches 230-246). This will typically result in
the blocked links of the second physical VLAN generally
corresponding to the forwarding links of the first physical
VLAN. This process is then repeated several times, with
adjustments made to port costs as necessary, to achieve the
desired result (i.e., each link being blocked for at least one
physical VLAN).

Those skilled in the art will understand that this may be
done manually by the network administrator or automated
with a dedicated protocol or algorithm. It may also be
bounded to the discovery of the network topology as
described above.

If the network administrator is relying on the spanning
tree protocol to define the loop-free topology of each physi-
cal VLAN, then the spanning tree entity 306 begins formu-
lating and transmitting BPDU messages tagged with the
VLAN designations for each physical VLAN upon initial-
ization of the respective switch. In particular, the spanning
tree entity 306 preferably formulates and transmits BPDU
messages that have been tagged with the VLAN designa-
tions corresponding to violet, purple, magenta, orange,
brown, rose, etc. physical VLANs. These tagged BPDU
messages are received and processed by the switches
230-246 as described above. The spanning tree state
machine engines 316 then transition the port states on a
per-VLAN basis. Thus, a separate loop-free topology is
defined by the respective spanning tree entities for each
physical VLAN.

The topology state machine engine 318, which maintains
a corresponding spanning tree state for each physical
VLAN, preferably monitors the execution of the spanning
tree protocol by the spanning tree entity 306. FIG. 5A is a
state diagram 500 of the various states of the loop-free
topologies represented by the physical VLANs defined
within network 200. As shown, the loop-free topology for
each physical VLAN may be in one of three possible states:
an unusable state 502, a stand-by state 504 and an active
state 506. The unusable state 502 corresponds to a loop-free
topology that has not yet converged (e.g., one or more switch
ports are in the listening or learning states) or has become
partitioned (e.g., connectivity has been lost with part of the
physical VLAN domain). The stand-by state 504 corre-
sponds to a loop-free topology that has converged (e.g., all the
corresponding switch ports are either in the blocked, for-
warding or disabled states) and thus represents a stable
topology. The active state 506 corresponds to a loop-free
topology that has been designated to carry the traffic for the
respective logical VLAN, as described below. Only one
physical VLAN (i.e., one loop-free topology) may be des-
ignated to carry traffic for its logical VLAN at any given
time.

FIG. 5B is a list of events 508 that may cause a transition
among the states of the state diagram of FIG. 5A. In
particular, event E1 corresponds to a loop-free topology
converging, and thus results in a transition from the unusable
state 502 to the stand-by state 504. Event E2 corresponds to
a particular physical VLAN being selected as the designated
VLAN for its respective logical VLAN, and thus results in
a transition from the stand-by state 504 to the active state
506. Event E3 corresponds to the detection of a link or
device failure in a previously stable topology, and thus
causes a transition from either the active state 506 or the
stand-by state 504 to the unusable state 502. Similarly, event
E4 corresponds to a partition in the respective physical
VLAN, and thus also causes a transition from either the
active state 506 or the stand-by state 504 to the unusable
state 502.

FIG. 5C is a highly schematic representation of informa-
tion arranged as an array or table 510 that is stored at or by
the topology state machine engine 318. Table 510 contains
a first column 512 that identifies each of the logical VLANs
of which switch 230 is aware (e.g., red, blue, yellow and
green). For each logical VLAN, the table 510 also includes
a second column 514 that identifies the physical VLANs
associated with each logical VLAN by their numeric iden-
tifiers. Following the above example, the red logical VLAN
is associated with the violet, purple, magenta and orange
physical VLANs, the blue logical VLAN is associated with
the brown, rose and gray physical VLANs, the yellow
logical VLAN is associated with the orange, crimson, silver
and sea green physical VLANs and so on. Table 510 further
includes a third column 516 that specifies the current state of
the loop-free topology established for each physical VLAN.
As indicated above, a loop-free topology may be in any one
of three possible states: unusable, active and stand-by.

In the preferred embodiment, whenever a loop-free topol-
ogy transitions to the stand-by state, the topology switch
engine 308 directs the forwarding entity 312 to purge (e.g.,
delete) the contents of the respective filtering database for
that loop-free topology. For example, when the orange
physical VLAN which is associated with the red logical
VLAN enters the stand-by state as shown in FIG. 5C, the
filtering database 320 that corresponds to the orange physi-
cal VLAN is purged. As described below, the purging of
stand-by filtering databases facilitates the rapid transition to
a stand-by physical VLAN upon the occurrence of a failure
in the active physical VLAN.

In order to begin forwarding messages associated with a
logical VLAN, the topology switch engine 308 designates a
selected physical VLAN as the active physical VLAN for
each logical VLAN, as indicated at block 408 (FIG. 4A).
The designation of a selected physical VLAN may occur
in several ways. For example, the topology switch engine
308 may select the first physical VLAN that converges and
thus transitions to the stand-by state. An alternative
approach is to select the physical VLAN having the lowest
(or highest) numerical identifier. Upon designating a
selected physical VLAN, the topology switch engine 308
preferably informs the topology state machine engine 318 of
the designation, which, in turn, transitions the state of the
designated physical VLAN to active, thereby signifying that
it has become the designated physical VLAN for this logical
VLAN. The topology switch engine 308 also informs the
port configuration entity 314 of the selection of a designated
physical VLAN. In response, the port configuration entity
314 associates each access port 302d-302h that is directly
coupled to members of the logical VLAN with the desig-
nated physical VLAN, as indicated at block 410. For
example, suppose the purple physical VLAN is selected as
the designated VLAN for the red logical VLAN. In
response, its state transitions to active and the port configu-
ration entity 314 associates all access ports directly coupled
to members of the red logical VLAN (e.g., port 302h) with
the purple physical VLAN. This process is repeated at all
access switches 230-234 so that access ports coupled to all
members of the red logical VLAN are associated with the
purple VLAN designation (i.e., numeric identifier 11).
Thereafter, traffic (e.g., data frames) received at an access
port for forwarding on a trunk port is tagged with the
physical VLAN that has been associated with that access
port. Continuing with the above example, since access port
302h (port number 8) corresponds to the red logical VLAN,
and the purple physical VLAN has been selected as the
designated VLAN for this logical VLAN, then port configu-
ration entity 314 associates port 302h with the purple
VLAN. As a result, a message from server 258 is received
at port 302h (port number 8), captured and handed to the
forwarding entity 312 for processing. Forwarding entity 312
in cooperation with the port configuration entity 314 deter-
mines that the message has been received on an access port
that is associated with the purple physical VLAN. In
response, the forwarding entity 312 performs a look-up on
the filtering database 320 associated with the purple physical
VLAN, using the contents of the MAC DA field of the
received message. If the message is to be forwarded on a
trunk port (e.g., port 302b), the forwarding entity 312
appends a VLAN ID field 110 (FIG. 1) to the message, loads
the purple physical VLAN's numeric identifier therein and
drives the message onto port 302b for forwarding.

Similarly, suppose a message 100 (FIG. 1) is received at
switch 230 on a trunk port, such as port 302b, that carries the
purple VLAN designation in its VLAN ID field 110 and is
addressed to server 258. Forwarding entity 312 preferably
uses the contents of the MAC DA field 106 to perform a
look-up on the filtering database 320 for the purple VLAN.
The look-up will identify port 302h (port number 8) which
is coupled to server 258. Since this is an access port,
forwarding entity 312 strips off the VLAN ID field 110 and
drives the un-tagged message onto port 302h for delivery to
server 258.

Significantly, the present invention allows switch 230 to
continue forwarding traffic with little or no disruption
despite link or device failures. For example, suppose as
described above, that the purple physical VLAN has been
selected as the designated VLAN for the red logical VLAN.
Furthermore, suppose that execution of the spanning tree
protocol by the spanning tree state machine engine 316 for
the purple physical VLAN results in ports 302a and 302c
(port numbers 1 and 3) being blocked and port 302b (port
number 2) forwarding. As described above, traffic received
at switch 230 on access port 302h (port number 8) and thus
corresponding to the red logical VLAN is tagged with the
purple physical VLAN designation (i.e., numerical identifier
11) by the forwarding entity 312 and forwarded through
trunk port 302b. If link 248 coupled to port 302b fails, the
failure is detected by the link state detection engine 310, and
it, in response, alerts the topology switch engine 308, as
indicated at block 412 (FIG. 4A). The topology switch
engine 308 informs the topology state machine engine 318
of the failure, and in cooperation with state machine engine
318 identifies all of the logical VLANs that are utilizing the
affected port or link, as indicated at block 414. The topology
state machine engine 318 treats the failure as an E1 event
and, accordingly, transitions the affected physical VLAN
(i.e., purple) to the unusable state, as indicated at block 416
(FIG. 4B) and as illustrated by the arrow indicating a
transition from the active to the unusable state for entry 518
of table 510 (FIG. 5C). Although, for purposes of
explanation, table 510 illustrates the transition between
states, it should be understood that table 510 preferably only
stores the current state of each physical VLAN (e.g., active,
unusable or stand-by) and not the transition between two
states.

The topology switch engine 308 next proceeds to identify
a back-up physical VLAN for each logical VLAN affected
by the failure, as indicated at block 418. Specifically, topol-
ogy switch engine 308 identifies a physical VLAN that is in
the stand-by state and that also has the affected port or link
blocked. As described above, the spanning tree entity 306
has been configured to define a loop-free topology for every
physical VLAN. The physical VLANs and thus the loop-free
topologies, moreover, have been established such that, for
every link 248 in network 200, there is at least one physical
VLAN for every logical VLAN whose loop-free topology
has that link blocked. Thus, there is at least one physical
VLAN associated with the red logical VLAN whose loop-
free topology has port 302b blocked. Suppose that the
topology switch engine 308 identifies the orange physical
VLAN (numerical identifier 13) as having port 302b in the
blocked state. Topology switch engine 308 selects the
orange physical VLAN as the newly designated physical
VLAN for the red logical VLAN. In response, the topology
state machine engine 318 transitions the state of this physi-
cal VLAN from stand-by to active, shown at block 420 (FIG.
4B) and as illustrated by the arrow indicating a transition
from the stand-by to the active state in entry 520 of table 510
(FIG. 5C).

Next, the entire membership of the red logical VLAN
within the network 200 is switched from the purple physical
VLAN to the orange physical VLAN, as indicated at block
422. More specifically, topology switch engine 308 informs
the port configuration entity 314 of the designation of the
orange physical VLAN as the newly active VLAN for the
red logical VLAN. In response, the port configuration entity
314 changes the VLAN association of each access port
coupled to members of the red logical VLAN from the
purple VLAN (numerical identifier 11) to the orange VLAN
(numerical identifier 13). Thus, all the LANs, hosts, end
stations, servers, workstations, etc. that were associated with
the purple physical VLAN at switch 230 are now associated
with the orange physical VLAN. It should be understood
that the re-assignment of access ports from one physical
VLAN designation to another can be rapidly accomplished
(e.g., in a matter of milliseconds). It should be further
understood that the assignment of physical VLANs at the
trunk ports is left unchanged despite the failure. That is, only
the VLAN assignment of the access ports (which are directly
coupled to VLAN member entities) is changed.
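The local failover sequence of blocks 412-422 can be traced in code. The following is an added example, not code from the patent: it models table 510, the state transitions of FIGS. 5A-B and the access-port re-assignment for the red logical VLAN at one switch. The class names, the blocked-port sets given for violet and magenta, the sample MAC address and the choice of the lowest-numbered eligible back-up are assumptions; a link failure is modeled as event E3 of FIG. 5B.

```python
"""Failover at one access switch: states, back-up selection, port re-tagging.

Added illustration; see the lead-in for which values are assumptions.
"""
from dataclasses import dataclass, field

UNUSABLE, STANDBY, ACTIVE = "unusable", "stand-by", "active"

# FIG. 5A transitions keyed by (current state, event of FIG. 5B).
TRANSITIONS = {
    (UNUSABLE, "E1"): STANDBY,    # topology converged
    (STANDBY, "E2"): ACTIVE,      # selected as the designated VLAN
    (ACTIVE, "E3"): UNUSABLE,     # link or device failure
    (STANDBY, "E3"): UNUSABLE,
    (ACTIVE, "E4"): UNUSABLE,     # partition
    (STANDBY, "E4"): UNUSABLE,
}


@dataclass
class PhysicalVlan:
    vid: int
    blocked_ports: frozenset                 # trunk ports blocked in this topology
    state: str = UNUSABLE
    filtering_db: dict = field(default_factory=dict)   # MAC address -> port


class TopologySwitchEngine:
    def __init__(self, table, access_ports):
        self.table = table                   # logical VLAN -> [PhysicalVlan]
        self.access_ports = access_ports     # access port -> (logical, tagged vid)

    def fire(self, vlan, event):
        """Apply one event; an undefined (state, event) pair raises KeyError."""
        vlan.state = TRANSITIONS[(vlan.state, event)]
        if vlan.state == STANDBY:
            vlan.filtering_db.clear()        # purge: no stale addresses later

    def active(self, logical):
        return next((v for v in self.table[logical] if v.state == ACTIVE), None)

    def designate(self, logical, vlan):
        if self.active(logical) is not None:
            raise RuntimeError("only one active physical VLAN per logical VLAN")
        self.fire(vlan, "E2")
        for port, (owner, _) in list(self.access_ports.items()):
            if owner == logical:             # trunk ports are left untouched
                self.access_ports[port] = (logical, vlan.vid)

    def link_failure(self, port):
        """Return {logical: (former vid, new vid or None)} for affected VLANs."""
        switched = {}
        for logical, vlans in self.table.items():
            former = self.active(logical)
            for vlan in vlans:               # every topology using the port fails
                if vlan.state != UNUSABLE and port not in vlan.blocked_ports:
                    self.fire(vlan, "E3")
            if former is None or former.state == ACTIVE:
                continue                     # active topology had the port blocked
            backups = [v for v in vlans
                       if v.state == STANDBY and port in v.blocked_ports]
            if not backups:
                switched[logical] = (former.vid, None)   # wait for reconvergence
                continue
            backup = min(backups, key=lambda v: v.vid)   # assumption: lowest id
            self.designate(logical, backup)
            switched[logical] = (former.vid, backup.vid)
        return switched


def demo():
    red = [PhysicalVlan(10, frozenset({3})),       # violet (constructed)
           PhysicalVlan(11, frozenset({1, 3})),    # purple: port 2 forwarding
           PhysicalVlan(12, frozenset({1})),       # magenta (constructed)
           PhysicalVlan(13, frozenset({2}))]       # orange: port 2 blocked
    red[3].filtering_db["00:00:5e:00:53:01"] = 1   # stale entry (constructed)
    engine = TopologySwitchEngine({"red": red}, {8: ("red", None)})
    for vlan in red:
        engine.fire(vlan, "E1")                    # all four topologies converge
    engine.designate("red", red[1])                # purple becomes active
    return engine, engine.link_failure(2)          # link on trunk port 2 fails


if __name__ == "__main__":
    print(demo()[1])
```

The returned pair of former and new identifiers is the information a switch needs to announce the change to its peers.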

In order to alert the other switches within network 200 of
this change in physical VLANs and thereby complete the
switch to the new physical VLAN, the topology switch
engine 308 generates and sends one or more notification
messages to the other switches within network 200, as
indicated at block 424. The notification messages, which are
transmitted by a reliable broadcast mechanism, alert these
switches of the change affecting the red logical VLAN. FIG.
6 is a highly schematic block diagram of a preferred noti-
fication message 600. Message 600 includes a header por-
tion 602 that is compatible with the MAC sub-layer, and a
message area 604. The header 602 includes a MAC SA field
608 and a MAC DA field 606 and a VLAN ID field 610. The
message area 604 includes a sequence number field 612, a
logical VLAN ID field 614, a former physical VLAN ID
field 616 and a newly active VLAN ID field 618. Those
skilled in the art will understand that notification message
600 may include additional fields such as type fields, length
fields, version fields, etc. Topology switch engine 308 pref-
erably loads the bridge ID for switch 230 in the MAC SA
field 608, a group multicast address in the MAC DA field 606,
and places the VLAN ID for the old physical VLAN in field
610. In message area 604, topology switch engine 308 enters
a selected sequence number in field 612, the identifier of the
affected logical VLAN (e.g., red) in field 614, the identifier
of the former physical VLAN (e.g., purple) in field 616 and
the identifier of the newly activated physical VLAN (e.g.,
orange) in field 618. Switch 230 then forwards the notifi-
cation message 600 out each of its trunk ports that are in the
forwarding state for any VLAN.

The notification message 600 is received at each of the
neighboring switches (i.e., switches 236 and 240) and, by
virtue of the selected group multicast address, it is captured
and forwarded to the topology switch engines at those
devices. The topology switch engines at switches 236 and
240 store the sequence number of message 600. Switches
236 and 240 forward a copy of the notification message 600
from each of their trunk ports that are in the forwarding state
(other than the port on which the message 600 was received)
and may return an acknowledgement to switch 230. As a
result, notification message 600 is propagated throughout
the network 200 and received at each access switch coupled
to members of the red logical VLAN. At each switch, the
notification message 600 is passed to the topology switch
engine at that device. The topology switch engine, in coop-
eration with the port configuration entity, determines
whether there are any access ports presently associated with
the physical VLAN identified in the old active VLAN ID
field 616 (e.g., purple), and, if so, switches (i.e., changes or
re-assigns) those ports to the physical VLAN identified in
the newly active VLAN ID field 618 (e.g., orange). The
switch also purges the contents of the filtering database
associated with the newly active physical VLAN.
Thereafter, traffic received on an access port that was
associated and tagged with the purple physical VLAN is
now associated and tagged with the orange VLAN.

It should be understood that switch 230 may send multiple
copies of the notification message 600, using the same
sequence number, to ensure that they are received. The
sequence number is used by receiving switches to discard
any duplicate copies of the message 600. It should be further
understood that switch 230 may alternatively use a message
format and mechanism that is similar to the TCN-PDU
messages of the spanning tree protocol to disseminate
changes in physical VLANs or may use the VTP protocol to
alert other switches of the change in physical VLANs for the
red logical VLAN.

Upon receiving the acknowledgements confirming that
the notification message 600 has been received by its
neighbors, switch 230 is free to begin tagging and forward-
ing traffic for the red logical VLAN with the newly desig-
nated orange physical VLAN designation, as indicated at
block 426 (FIG. 4B). Switch 230 utilizes the filtering
database 320 corresponding to the orange physical VLAN to
render forwarding decisions for messages associated with
the red logical VLAN. As described above, the filtering
database 320 for the orange physical VLAN was purged
when the respective loop-free topology entered the stand-by
state, thereby ensuring it does not contain any stale infor-
mation when forwarding entity 312 begins to utilize it.

It should be understood that the filtering database of the 
selected physical VLAN could be purged at the time
the respective loop-free topology transitions from stand-by 
to active. It should also be understood that switch 230 may 
begin forwarding messages associated with the red logical 
VLAN along the newly selected physical VLAN before 
receiving acknowledgements from its neighbors. 

Topology switch engines 308 also preferably implement 
one or more tie-breaking rules to resolve any conflicts in the
designation of physical VLANs to logical VLANs. More 
specifically, suppose the same failure affecting a first logical 
VLAN is detected at two switches, and suppose further that 
the first logical VLAN is currently associated with a first 
physical VLAN. The first switch may decide to switch the 
first logical VLAN to a second physical VLAN, while the 
second switch may decide to switch the same logical VLAN 
to a third physical VLAN. To resolve such conflicts, the 
topology switch engines 308 preferably apply a tie-breaking 
rule. For example, the topology switch engines 308 may 
adopt the physical VLAN having the lowest (or highest) 
numerical identifier, based on the notification messages 
received from the first and second switches. During this 
resolution phase, other switches may first switch to an 
intermediate physical VLAN before converging on the same 
physical VLAN. 
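The propagation of notification message 600, the discarding of duplicates by sequence number and the tie-breaking rule can be exercised together. The following is an added example, not code from the patent: two switches announce conflicting back-up VLANs for the red logical VLAN, and every switch converges on the lowest identifier after passing through an intermediate one. The switch names, the four-switch topology, keying duplicates on origin plus sequence number, and the omission of acknowledgements are assumptions.

```python
"""Flooding of notification message 600 with duplicate discard and tie-break.

Added illustration; topology, names and port numbers are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Notification:
    origin: str         # bridge ID carried in MAC SA field 608
    seq: int            # sequence number field 612
    logical: str        # logical VLAN ID field 614
    former_vid: int     # former physical VLAN ID field 616
    new_vid: int        # newly active VLAN ID field 618


class Switch:
    def __init__(self, name, access_ports):
        self.name = name
        self.neighbors = []                      # peers on forwarding trunk ports
        self.access_ports = dict(access_ports)   # access port -> physical VLAN id
        self.filtering_db = {}                   # physical VLAN id -> {MAC: port}
        self.seen = set()                        # (origin, seq) already processed
        self.chosen = {}                         # (logical, former vid) -> adopted vid
        self.dropped = 0                         # duplicate copies discarded

    def connect(self, other):
        self.neighbors.append(other)
        other.neighbors.append(self)

    def apply(self, msg):
        """Re-assign access ports; on a conflict keep the lowest identifier."""
        key = (msg.logical, msg.former_vid)
        current = self.chosen.get(key, msg.former_vid)
        if key in self.chosen and msg.new_vid >= current:
            return                               # already on an equal or lower id
        for port, vid in list(self.access_ports.items()):
            if vid == current:
                self.access_ports[port] = msg.new_vid
        self.filtering_db[msg.new_vid] = {}      # purge the newly active database
        self.chosen[key] = msg.new_vid

    def send(self, msg, exclude=None):
        for peer in self.neighbors:
            if peer is not exclude:
                peer.receive(msg, self)

    def originate(self, msg):
        self.seen.add((msg.origin, msg.seq))
        self.apply(msg)
        self.send(msg)

    def receive(self, msg, sender):
        if (msg.origin, msg.seq) in self.seen:
            self.dropped += 1                    # duplicate copy: discard
            return False
        self.seen.add((msg.origin, msg.seq))
        self.apply(msg)
        self.send(msg, exclude=sender)           # flood onward, never back
        return True


def demo():
    a, b = Switch("A", {8: 11}), Switch("B", {5: 11})
    c, d = Switch("C", {}), Switch("D", {7: 11, 6: 14})
    a.connect(b); b.connect(c); c.connect(a); c.connect(d)   # loop A-B-C
    a.originate(Notification("A", 1, "red", 11, 13))   # A picks VLAN 13
    b.originate(Notification("B", 1, "red", 11, 12))   # B picks VLAN 12
    a.send(Notification("A", 1, "red", 11, 13))        # repeat copy, same seq
    return a, b, c, d


if __name__ == "__main__":
    for switch in demo():
        print(switch.name, switch.access_ports, "dropped", switch.dropped)
```

Because the trunk ports used for flooding may form loops, the duplicate check is also what stops a notification from circulating indefinitely.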

It should be understood that each logical VLAN may also 
have its own VLAN numeric identifier as provided by the 
IEEE 802.1Q standard, and that this numeric identifier may
be used as the initial physical VLAN for that logical VLAN. 

The foregoing description has been directed to specific 
embodiments of this invention. It will be apparent, however, 
that other variations and modifications may be made to the 
described embodiments, with the attainment of some or all 
of their advantages. For example, although it is preferred 
that the set of physical VLANs established for a given 
logical VLAN be defined and configured so as to block 
every link of the network, the invention can be implemented 
with fewer physical VLANs. That is, even with less than an 
otherwise full complement of physical VLANs, the present 
invention nevertheless provides substantial improvements in 
quickly recovering from failures. In addition, rather than 
purging the contents of the filtering database when the 
respective physical VLAN is elected as the new active 
physical VLAN, the filtering database of the old, now 
unusable physical VLAN may be purged following its 
transitioning to the unusable state. Therefore, it is the object 
of the appended claims to cover all such variations and 
modifications as come within the true spirit and scope of the 
invention. 

What is claimed is: 

1. A method for use in an intermediate network device 
configured to forward messages in a computer network, the 
method comprising the steps of: 

establishing one or more logical virtual local area net- 
works (VLANs) at the intermediate network device; 

defining a set of physical VLANs for each logical VLAN, 
each physical VLAN having an identifier; 

for each physical VLAN, establishing a corresponding 
loop-free topology within the computer network; 

for a given logical VLAN, designating a first physical 
VLAN of the set and its respective loop-free topology 
for tagging and forwarding messages associated with 
the given logical VLAN; 

detecting a failure in the loop-free topology of the first 
physical VLAN; and 

in response to the step of detecting, switching the given 
logical VLAN from the first physical VLAN to a 
second physical VLAN for use in tagging and forward- 
ing messages associated with the given logical VLAN. 

2. The method of claim 1 wherein the intermediate 
network device includes a plurality of ports that transition 
among a plurality of spanning tree port states, including one 
or more transitory states and one or more stable states and 
further wherein all spanning tree port states for the second 
physical VLAN are in the stable state, thereby allowing the 
intermediate network device to rapidly resume forwarding 
messages associated with the given logical VLAN. 

3. The method of claim 1 further comprising the step of 
generating for transmission one or more notification mes- 
sages from the intermediate network device, the one or more 
notification messages identifying the given logical VLAN 
and including the identifiers of the first and second physical 
VLANs. 

4. The method of claim 3 further comprising the step of, 
in response to receiving the one or more notification mes- 
sages at a second intermediate network device, switching the 
given logical VLAN from the first physical VLAN to the 
second physical VLAN. 

5. The method of claim 1 further comprising the step of 
establishing a separate filtering database for each physical 
VLAN, each filtering database storing address information 
of entities disposed within the computer network. 

6. The method of claim 1 further comprising the step of 
transitioning each physical VLAN among one of unusable, 
stand-by or active states, whereby the unusable state corre- 
sponds to the loop-free topology of the respective physical 
VLAN not being converged, the stand-by state corresponds 
to the loop-free topology of the respective physical VLAN 
reaching convergence, and the active state corresponds to 
the respective physical VLAN being designated for its 
corresponding logical VLAN. 

7. The method of claim 6 further comprising, in response 
to the step of detecting, the steps of: 

transitioning the state of the first physical VLAN to the 
unusable state; and 

transitioning the state of the second physical VLAN to the 
active state. 

8. The method of claim 1 wherein the computer network 
has a plurality of trunk links and the set of physical VLANs 
for the given logical VLAN are defined so that each trunk 
link of the computer network is blocked by the loop-free 
topology established for at least one of the physical VLANs. 

9. The method of claim 8 wherein the intermediate 
network device has one or more ports coupled to one or 
more respective trunk links and the detected failure affects 
the forwarding of messages on a particular trunk link, further 
wherein the second physical VLAN has the particular trunk 
link blocked. 

10. The method of claim 1 wherein the step of establishing 
comprises the step of executing a spanning tree protocol on 
a per-VLAN basis so as to define the corresponding loop- 
free topologies. 

11. The method of claim 1 wherein the step of establishing 
comprises the step of manually defining the corresponding 
loop-free topologies. 

12. An intermediate network device having a plurality of 
ports for forwarding messages in a computer network in 
which a plurality of logical virtual local area networks 
(VLANs) are defined each having one or more members, the 
intermediate network device comprising: 

a topology switch engine configured to associate each 
logical VLAN with a set of physical VLANs each 
having its own identifier, and to designate one physical 
VLAN from the respective set for each logical VLAN; 

means for establishing a loop-free topology within the 
computer network for each physical VLAN; 

a port configuration entity in communicating relationship 
with the topology switch engine, the port configuration 
entity configured to associate each port directly coupled 
to members of a first logical VLAN with the identifier 
of the designated physical VLAN for the first logical 
VLAN; and 

a link state detection engine coupled to the ports and in 
communicating relationship with the topology switch 
engine, the link state detection engine configured to 
detect failures at the ports, 

whereby, in response to the detection of a failure at a port 
affecting the forwarding of messages for the first logi- 
cal VLAN, the topology switch engine selects a back- 
up physical VLAN for the first logical VLAN and 
directs the port configuration entity to switch the asso- 
ciation of each port directly coupled to members of the 
first logical VLAN to the back-up physical VLAN. 

13. The intermediate network device of claim 12 further 
comprising means for tagging and forwarding messages 
from members of the first logical VLAN with the identifier 
of the associated physical VLAN. 

14. In an intermediate network device configured to 
forward messages in a computer network in which a plu- 
rality of logical virtual local area networks (VLANs) are 
defined, a set of physical VLANs are defined for each logical 
VLAN, each physical VLAN having an identifier, and a 
loop-free topology is established within the network for each 
physical VLAN, a computer readable medium containing 
executable program instructions for switching the logical 
VLANs from between different loop-free topologies, the 
executable program instructions comprising program 
instructions for: 

for a given logical VLAN, designating a first physical 
VLAN and its respective loop-free topology for tagging 
and forwarding messages associated with the given 
logical VLAN; 

detecting a failure in the loop-free topology of the first 
physical VLAN; and 

in response to the step of detecting, switching the given 
logical VLAN from the first physical VLAN to a 
second physical VLAN. 

15. The computer readable medium of claim 14 further 
comprising a program instruction for transitioning each 
physical VLAN among one of unusable, stand-by or active 
states, whereby the unusable state corresponds to the loop- 
free topology of the respective physical VLAN not being 
converged, the stand-by state corresponds to the loop-free 
topology of the respective physical VLAN reaching 
convergence, and the active state corresponds to the respec- 
tive physical VLAN being designated for its corresponding 
logical VLAN. 

16. The computer readable medium of claim 15 further 
comprising, in response to the step of detecting, the pro- 
grams instructions for: 

transitioning the state of the first physical VLAN to the 
unusable state; and 

transitioning the state of the second physical VLAN to the 
active state. 

17. The computer readable medium of claim 14 wherein 
the computer network has a plurality of trunk links and each 
trunk link is blocked by the loop-free topology of at least one 
of the physical VLANs, the intermediate network device has 
one or more ports coupled to one or more respective trunk 
links and the detected failure affects the forwarding of 
messages of the given logical VLAN on a particular trunk 
link, further wherein the program instruction for switching 
provides that the second physical VLAN has the particular 
trunk link blocked. 

18. In an intermediate network device configured to 
forward messages in a computer network in which a plu- 
rality of logical virtual local area networks (VLANs) are 
defined, a method for switching the logical VLANs between 
different loop-free topologies, the method comprising the 
steps of: 

defining a set of physical VLANs for each logical VLAN, 
each physical VLAN having an identifier; 

for each physical VLAN, establishing a corresponding 
loop-free topology within the computer network; and 

for a given logical VLAN, designating a first physical 
VLAN and its respective loop-free topology from the 
respective set for use in tagging and forwarding mes- 
sages associated with the given logical VLAN. 
